Health IT has tremendous potential in addressing the major challenges we face in healthcare: improving patient safety and quality of care and managing costs while improving efficiency.
One of the most visible challenges that health IT faces is the question of protecting privacy. If patient privacy cannot be protected, patients will not trust a system with accurate, complete medical information, rendering the system useless.
Properly designed, greater adoption of health IT offers the potential to improve patient privacy. For example, electronic records enable patients to selectively give access to parts of their medical record to specific individuals. Electronic records can also audit access to medical records. Neither of these are practical with paper records.
Last month, the Alliance for Health Reform and the Divided We Fail initiative hosted a luncheon briefing on privacy and health IT to discuss ways to move forward and break the legislative logjam over privacy. Jodi Daniel from the Office of the National Coordinator for Health Information Technology, Deborah Peel from Patient Privacy Rights and John Rother from the AARP spoke about various technology, market and legislative approaches to addressing the issue of health privacy. One approach they did not discuss was open source.
Open source can provide a crucial level of transparency into how an electronic medical record or personal health record works. Today, we can understand the privacy and security protections of the traditional paper medical record system. As healthcare transitions to an electronic medical system, the public must be assured that these systems actually do what they claim to do in protecting patient privacy and security. Deborah Peel’s Privacy Rights Certified is moving in the right direction in creating an independent organization that will certify personal health records and electronic medical records. However, in order to ensure complete accountability, experts must be allowed to examine actual implementations instead of treating these systems as black boxes. Otherwise, certification organizations will have to rely on vendor assertions to “prove” patient protections, and any privacy violations will only be discovered after medical data is exposed. Medical records contain some of the most sensitive data about an individual, and patient trust and privacy can only be achieved if appropriate protections are put in place.